[PATCH v1 6/6] ShellPkg: acpiview: SRAT: Prevent buffer overruns

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Krzysztof Koch" <krzysztof.koch@arm.com>
To: <devel@edk2.groups.io>
Cc: <jaben.carsey@intel.com>, <ray.ni@intel.com>,
	<zhichao.gao@intel.com>, <Sami.Mujawar@arm.com>,
	<Matteo.Carlini@arm.com>, <nd@arm.com>
Subject: [PATCH v1 6/6] ShellPkg: acpiview: SRAT: Prevent buffer overruns
Date: Thu, 1 Aug 2019 09:44:07 +0100	[thread overview]
Message-ID: <20190801084407.48712-7-krzysztof.koch@arm.com> (raw)
In-Reply-To: <20190801084407.48712-1-krzysztof.koch@arm.com>

Modify the SRAT parsing logic to prevent reading past the table buffer
length provided.

Check if the Static Resource Allocation Structure's buffer fits in the
SRAT table buffer before its contents are dumped.

Prevent buffer overruns when reading the Static Resource Allocation
Structure's header.

References:
- ACPI 6.3, January 2019, Section 5.2.16

Signed-off-by: Krzysztof Koch <krzysztof.koch@arm.com>
---

Notes:
    v1:
    - Prevent buffer overruns in SRAT acpiview parser [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
index 59c77401eaab32b73a9f83fd4d63785221b3c222..a8aa420487bb6bf29fc38221d0b221573c64b8b3 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c
@@ -215,10 +215,22 @@ ParseAcpiSrat (
       0,
       NULL,
       ResourcePtr,
-      2,  // The length is 1 byte at offset 1
+      AcpiTableLength - Offset,
       PARSER_PARAMS (SratResourceAllocationParser)
       );
 
+    // Make sure the SRAT structure lies inside the table
+    if ((Offset + *SratRALength) > AcpiTableLength) {
+      IncrementErrorCount ();
+      Print (
+        L"ERROR: Invalid SRAT structure length. SratRALength = %d. " \
+          L"RemainingTableBufferLength = %d. SRAT parsing aborted.\n",
+        *SratRALength,
+        AcpiTableLength - Offset
+        );
+      return;
+    }
+
     switch (*SratRAType) {
       case EFI_ACPI_6_2_GICC_AFFINITY:
         AsciiSPrint (
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'

next prev parent reply	other threads:[~2019-08-01  8:46 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-08-01  8:44 [PATCH v1 0/6] Prevent buffer overruns in acpiview table parsers Krzysztof Koch
2019-08-01  8:44 ` [PATCH v1 1/6] ShellPkg: acpiview: DBG2: Prevent buffer overruns Krzysztof Koch
2019-08-01  9:33   ` [edk2-devel] " Alexei Fedorov
2019-08-05  6:48   ` Gao, Zhichao
2019-08-05  8:21     ` Krzysztof Koch
2019-08-06  7:43       ` [edk2-devel] " Gao, Zhichao
2019-08-06 10:44         ` Krzysztof Koch
2019-08-07  1:52           ` Gao, Zhichao
2019-08-01  8:44 ` [PATCH v1 2/6] ShellPkg: acpiview: GTDT: " Krzysztof Koch
2019-08-01  9:33   ` [edk2-devel] " Alexei Fedorov
2019-08-05  7:23   ` Gao, Zhichao
2019-08-05  9:54     ` Sami Mujawar
2019-08-06  4:58       ` Gao, Zhichao
2019-08-01  8:44 ` [PATCH v1 3/6] ShellPkg: acpiview: IORT: " Krzysztof Koch
2019-08-01  9:32   ` [edk2-devel] " Alexei Fedorov
2019-08-01  8:44 ` [PATCH v1 4/6] ShellPkg: acpiview: MADT: " Krzysztof Koch
2019-08-01  9:32   ` [edk2-devel] " Alexei Fedorov
2019-08-01  8:44 ` [PATCH v1 5/6] ShellPkg: acpiview: PPTT: " Krzysztof Koch
2019-08-01  9:31   ` [edk2-devel] " Alexei Fedorov
2019-08-01  8:44 ` Krzysztof Koch [this message]
2019-08-01  9:30   ` [edk2-devel] [PATCH v1 6/6] ShellPkg: acpiview: SRAT: " Alexei Fedorov
2019-08-01  9:33 ` [edk2-devel] [PATCH v1 0/6] Prevent buffer overruns in acpiview table parsers Alexei Fedorov
2019-08-06  8:10 ` Gao, Zhichao
2019-08-07  8:46 ` Sami Mujawar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:59c77401eaab32b73a9f83fd4d63785221b3c22
dfblob:a8aa420487bb6bf29fc38221d0b221573c64b8b )
 OR (
bs:"[PATCH v1 6/6] ShellPkg: acpiview: SRAT: Prevent buffer overruns" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190801084407.48712-7-krzysztof.koch@arm.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox